brakeman 5.2.3 → 7.0.0

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/hexadecimal.rb

@@ -1,12 +0,0 @@
-module SafeYAML
-  class Parse
-    class Hexadecimal
-      MATCHER = /\A[-+]?0x[0-9a-fA-F_]+\Z/.freeze
-
-      def self.value(value)
-        # This is safe to do since we already validated the value.
-        return Integer(value.gsub(/_/, ""))
-      end
-    end
-  end
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/parse/sexagesimal.rb

@@ -1,26 +0,0 @@
-module SafeYAML
-  class Parse
-    class Sexagesimal
-      INTEGER_MATCHER = /\A[-+]?[0-9][0-9_]*(:[0-5]?[0-9])+\Z/.freeze
-      FLOAT_MATCHER = /\A[-+]?[0-9][0-9_]*(:[0-5]?[0-9])+\.[0-9_]*\Z/.freeze
-
-      def self.value(value)
-        before_decimal, after_decimal = value.split(".")
-
-        whole_part = 0
-        multiplier = 1
-
-        before_decimal = before_decimal.split(":")
-        until before_decimal.empty?
-          whole_part += (Float(before_decimal.pop) * multiplier)
-          multiplier *= 60
-        end
-
-        result = whole_part
-        result += Float("." + after_decimal) unless after_decimal.nil?
-        result *= -1 if value[0] == "-"
-        result
-      end
-    end
-  end
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_handler.rb

@@ -1,99 +0,0 @@
-require "psych"
-require "base64"
-
-module SafeYAML
-  class PsychHandler < Psych::Handler
-    def initialize(options, &block)
-      @options      = SafeYAML::OPTIONS.merge(options || {})
-      @block        = block
-      @initializers = @options[:custom_initializers] || {}
-      @anchors      = {}
-      @stack        = []
-      @current_key  = nil
-      @result       = nil
-      @begun        = false
-    end
-
-    def result
-      @begun ? @result : false
-    end
-
-    def add_to_current_structure(value, anchor=nil, quoted=nil, tag=nil)
-      value = Transform.to_proper_type(value, quoted, tag, @options)
-
-      @anchors[anchor] = value if anchor
-
-      if !@begun
-        @begun = true
-        @result = value
-        @current_structure = @result
-        return
-      end
-
-      if @current_structure.respond_to?(:<<)
-        @current_structure << value
-
-      elsif @current_structure.respond_to?(:[]=)
-        if @current_key.nil?
-          @current_key = value
-
-        else
-          if @current_key == "<<"
-            @current_structure.merge!(value)
-          else
-            @current_structure[@current_key] = value
-          end
-
-          @current_key = nil
-        end
-
-      else
-        raise "Don't know how to add to a #{@current_structure.class}!"
-      end
-    end
-
-    def end_current_structure
-      @stack.pop
-      @current_structure = @stack.last
-    end
-
-    def streaming?
-      true
-    end
-
-    # event handlers
-    def alias(anchor)
-      add_to_current_structure(@anchors[anchor])
-    end
-
-    def scalar(value, anchor, tag, plain, quoted, style)
-      add_to_current_structure(value, anchor, quoted, tag)
-    end
-
-    def end_document(implicit)
-      @block.call(@result)
-    end
-
-    def start_mapping(anchor, tag, implicit, style)
-      map = @initializers.include?(tag) ? @initializers[tag].call : {}
-      self.add_to_current_structure(map, anchor)
-      @current_structure = map
-      @stack.push(map)
-    end
-
-    def end_mapping
-      self.end_current_structure()
-    end
-
-    def start_sequence(anchor, tag, implicit, style)
-      seq = @initializers.include?(tag) ? @initializers[tag].call : []
-      self.add_to_current_structure(seq, anchor)
-      @current_structure = seq
-      @stack.push(seq)
-    end
-
-    def end_sequence
-      self.end_current_structure()
-    end
-  end
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/psych_resolver.rb

@@ -1,52 +0,0 @@
-module SafeYAML
-  class PsychResolver < Resolver
-    NODE_TYPES = {
-      Psych::Nodes::Document => :root,
-      Psych::Nodes::Mapping  => :map,
-      Psych::Nodes::Sequence => :seq,
-      Psych::Nodes::Scalar   => :scalar,
-      Psych::Nodes::Alias    => :alias
-    }.freeze
-
-    def initialize(options={})
-      super
-      @aliased_nodes = {}
-    end
-
-    def resolve_root(root)
-      resolve_seq(root).first
-    end
-
-    def resolve_alias(node)
-      resolve_node(@aliased_nodes[node.anchor])
-    end
-
-    def native_resolve(node)
-      @visitor ||= SafeYAML::SafeToRubyVisitor.new(self)
-      @visitor.accept(node)
-    end
-
-    def get_node_type(node)
-      NODE_TYPES[node.class]
-    end
-
-    def get_node_tag(node)
-      node.tag
-    end
-
-    def get_node_value(node)
-      @aliased_nodes[node.anchor] = node if node.respond_to?(:anchor) && node.anchor
-
-      case get_node_type(node)
-      when :root, :map, :seq
-        node.children
-      when :scalar
-        node.value
-      end
-    end
-
-    def value_is_quoted?(node)
-      node.quoted
-    end
-  end
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/resolver.rb

@@ -1,94 +0,0 @@
-module SafeYAML
-  class Resolver
-    def initialize(options)
-      @options              = SafeYAML::OPTIONS.merge(options || {})
-      @whitelist            = @options[:whitelisted_tags] || []
-      @initializers         = @options[:custom_initializers] || {}
-      @raise_on_unknown_tag = @options[:raise_on_unknown_tag]
-    end
-
-    def resolve_node(node)
-      return node if !node
-      return self.native_resolve(node) if tag_is_whitelisted?(self.get_node_tag(node))
-
-      case self.get_node_type(node)
-      when :root
-        resolve_root(node)
-      when :map
-        resolve_map(node)
-      when :seq
-        resolve_seq(node)
-      when :scalar
-        resolve_scalar(node)
-      when :alias
-        resolve_alias(node)
-      else
-        raise "Don't know how to resolve this node: #{node.inspect}"
-      end
-    end
-
-    def resolve_map(node)
-      tag  = get_and_check_node_tag(node)
-      hash = @initializers.include?(tag) ? @initializers[tag].call : {}
-      map  = normalize_map(self.get_node_value(node))
-
-      # Take the "<<" key nodes first, as these are meant to approximate a form of inheritance.
-      inheritors = map.select { |key_node, value_node| resolve_node(key_node) == "<<" }
-      inheritors.each do |key_node, value_node|
-        merge_into_hash(hash, resolve_node(value_node))
-      end
-
-      # All that's left should be normal (non-"<<") nodes.
-      (map - inheritors).each do |key_node, value_node|
-        hash[resolve_node(key_node)] = resolve_node(value_node)
-      end
-
-      return hash
-    end
-
-    def resolve_seq(node)
-      seq = self.get_node_value(node)
-
-      tag = get_and_check_node_tag(node)
-      arr = @initializers.include?(tag) ? @initializers[tag].call : []
-
-      seq.inject(arr) { |array, n| array << resolve_node(n) }
-    end
-
-    def resolve_scalar(node)
-      Transform.to_proper_type(self.get_node_value(node), self.value_is_quoted?(node), get_and_check_node_tag(node), @options)
-    end
-
-    def get_and_check_node_tag(node)
-      tag = self.get_node_tag(node)
-      SafeYAML.tag_safety_check!(tag, @options)
-      tag
-    end
-
-    def tag_is_whitelisted?(tag)
-      @whitelist.include?(tag)
-    end
-
-    def options
-      @options
-    end
-
-    private
-    def normalize_map(map)
-      # Syck creates Hashes from maps.
-      if map.is_a?(Hash)
-        map.inject([]) { |arr, key_and_value| arr << key_and_value }
-
-      # Psych is really weird; it flattens out a Hash completely into: [key, value, key, value, ...]
-      else
-        map.each_slice(2).to_a
-      end
-    end
-
-    def merge_into_hash(hash, array)
-      array.each do |key, value|
-        hash[key] = value
-      end
-    end
-  end
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/safe_to_ruby_visitor.rb

@@ -1,29 +0,0 @@
-module SafeYAML
-  class SafeToRubyVisitor < Psych::Visitors::ToRuby
-    INITIALIZE_ARITY = superclass.instance_method(:initialize).arity
-
-    def initialize(resolver)
-      case INITIALIZE_ARITY
-      when 2
-        # https://github.com/tenderlove/psych/blob/v2.0.0/lib/psych/visitors/to_ruby.rb#L14-L28
-        loader  = Psych::ClassLoader.new
-        scanner = Psych::ScalarScanner.new(loader)
-        super(scanner, loader)
-
-      else
-        super()
-      end
-
-      @resolver = resolver
-    end
-
-    def accept(node)
-      if node.tag
-        SafeYAML.tag_safety_check!(node.tag, @resolver.options)
-        return super
-      end
-
-      @resolver.resolve_node(node)
-    end
-  end
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/store.rb

@@ -1,39 +0,0 @@
-require 'safe_yaml/load'
-require 'yaml/store'
-
-module SafeYAML
-
-  class Store < YAML::Store
-
-    # Override YAML::Store#initialize to accept additional option
-    # +safe_yaml_opts+.
-    def initialize(file_name, yaml_opts = {}, safe_yaml_opts = {})
-      @safe_yaml_opts = safe_yaml_opts
-      super(file_name, yaml_opts)
-    end
-
-    # Override YAML::Store#load to use SafeYAML.load instead of
-    # YAML.load (via #safe_yaml_load).
-    #--
-    # PStore#load is private, while YAML::Store#load is public.
-    #++
-    def load(content)
-      table = safe_yaml_load(content)
-      table == false ? {} : table
-    end
-
-    private
-
-    if SafeYAML::YAML_ENGINE == 'psych'
-      def safe_yaml_load(content)
-        SafeYAML.load(content, nil, @safe_yaml_opts)
-      end
-    else
-      def safe_yaml_load(content)
-        SafeYAML.load(content, @safe_yaml_opts)
-      end
-    end
-
-  end
-
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_hack.rb

@@ -1,36 +0,0 @@
-# Hack to JRuby 1.8's YAML Parser Yecht
-#
-# This file is always loaded AFTER either syck or psych are already
-# loaded. It then looks at what constants are available and creates
-# a consistent view on all rubys.
-#
-# Taken from rubygems and modified.
-# See https://github.com/rubygems/rubygems/blob/master/lib/rubygems/syck_hack.rb
-
-module YAML
-  # In newer 1.9.2, there is a Syck toplevel constant instead of it
-  # being underneith YAML. If so, reference it back under YAML as
-  # well.
-  if defined? ::Syck
-    # for tests that change YAML::ENGINE
-    # 1.8 does not support the second argument to const_defined?
-    remove_const :Syck rescue nil
-
-    Syck = ::Syck
-
-  # JRuby's "Syck" is called "Yecht"
-  elsif defined? YAML::Yecht
-    Syck = YAML::Yecht
-  end
-end
-
-# Sometime in the 1.9 dev cycle, the Syck constant was moved from under YAML
-# to be a toplevel constant. So gemspecs created under these versions of Syck
-# will have references to Syck::DefaultKey.
-#
-# So we need to be sure that we reference Syck at the toplevel too so that
-# we can always load these kind of gemspecs.
-#
-if !defined?(Syck)
-  Syck = YAML::Syck
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_node_monkeypatch.rb

@@ -1,43 +0,0 @@
-# This is, admittedly, pretty insane. Fundamentally the challenge here is this: if we want to allow
-# whitelisting of tags (while still leveraging Syck's internal functionality), then we have to
-# change how Syck::Node#transform works. But since we (SafeYAML) do not control instantiation of
-# Syck::Node objects, we cannot, for example, subclass Syck::Node and override #tranform the "easy"
-# way. So the only choice is to monkeypatch, like this. And the only way to make this work
-# recursively with potentially call-specific options (that my feeble brain can think of) is to set
-# pseudo-global options on the first call and unset them once the recursive stack has fully unwound.
-
-monkeypatch = <<-EORUBY
-  class Node
-    @@safe_transform_depth     = 0
-    @@safe_transform_whitelist = nil
-
-    def safe_transform(options={})
-      begin
-        @@safe_transform_depth += 1
-        @@safe_transform_whitelist ||= options[:whitelisted_tags]
-
-        if self.type_id
-          SafeYAML.tag_safety_check!(self.type_id, options)
-          return unsafe_transform if @@safe_transform_whitelist.include?(self.type_id)
-        end
-
-        SafeYAML::SyckResolver.new.resolve_node(self)
-
-      ensure
-        @@safe_transform_depth -= 1
-        if @@safe_transform_depth == 0
-          @@safe_transform_whitelist = nil
-        end
-      end
-    end
-
-    alias_method :unsafe_transform, :transform
-    alias_method :transform, :safe_transform
-  end
-EORUBY
-
-if defined?(YAML::Syck::Node)
-  YAML::Syck.module_eval monkeypatch
-else
-  Syck.module_eval monkeypatch
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/syck_resolver.rb

@@ -1,38 +0,0 @@
-module SafeYAML
-  class SyckResolver < Resolver
-    QUOTE_STYLES = [
-      :quote1,
-      :quote2
-    ].freeze
-
-    NODE_TYPES = {
-      Hash   => :map,
-      Array  => :seq,
-      String => :scalar
-    }.freeze
-
-    def initialize(options={})
-      super
-    end
-
-    def native_resolve(node)
-      node.transform(self.options)
-    end
-
-    def get_node_type(node)
-      NODE_TYPES[node.value.class]
-    end
-
-    def get_node_tag(node)
-      node.type_id
-    end
-
-    def get_node_value(node)
-      node.value
-    end
-
-    def value_is_quoted?(node)
-      QUOTE_STYLES.include?(node.instance_variable_get(:@style))
-    end
-  end
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_boolean.rb

@@ -1,21 +0,0 @@
-module SafeYAML
-  class Transform
-    class ToBoolean
-      include TransformationMap
-
-      set_predefined_values({
-        "yes"   => true,
-        "on"    => true,
-        "true"  => true,
-        "no"    => false,
-        "off"   => false,
-        "false" => false
-      })
-
-      def transform?(value)
-        return false if value.length > 5
-        return PREDEFINED_VALUES.include?(value), PREDEFINED_VALUES[value]
-      end
-    end
-  end
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_date.rb

@@ -1,13 +0,0 @@
-module SafeYAML
-  class Transform
-    class ToDate
-      def transform?(value)
-        return true, Date.parse(value) if Parse::Date::DATE_MATCHER.match(value)
-        return true, Parse::Date.value(value) if Parse::Date::TIME_MATCHER.match(value)
-        false
-      rescue ArgumentError
-        return true, value
-      end
-    end
-  end
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_float.rb

@@ -1,33 +0,0 @@
-module SafeYAML
-  class Transform
-    class ToFloat
-      Infinity = 1.0 / 0.0
-      NaN = 0.0 / 0.0
-
-      PREDEFINED_VALUES = {
-        ".inf"  => Infinity,
-        ".Inf"  => Infinity,
-        ".INF"  => Infinity,
-        "-.inf" => -Infinity,
-        "-.Inf" => -Infinity,
-        "-.INF" => -Infinity,
-        ".nan"  => NaN,
-        ".NaN"  => NaN,
-        ".NAN"  => NaN,
-      }.freeze
-
-      MATCHER = /\A[-+]?(?:\d[\d_]*)?\.[\d_]+(?:[eE][-+][\d]+)?\Z/.freeze
-
-      def transform?(value)
-        return true, Float(value) if MATCHER.match(value)
-        try_edge_cases?(value)
-      end
-
-      def try_edge_cases?(value)
-        return true, PREDEFINED_VALUES[value] if PREDEFINED_VALUES.include?(value)
-        return true, Parse::Sexagesimal.value(value) if Parse::Sexagesimal::FLOAT_MATCHER.match(value)
-        return false
-      end
-    end
-  end
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_integer.rb

@@ -1,26 +0,0 @@
-module SafeYAML
-  class Transform
-    class ToInteger
-      MATCHERS = Deep.freeze([
-        /\A[-+]?(0|([1-9][0-9_,]*))\Z/, # decimal
-        /\A0[0-7]+\Z/,                  # octal
-        /\A0x[0-9a-f]+\Z/i,             # hexadecimal
-        /\A0b[01_]+\Z/                  # binary
-      ])
-
-      def transform?(value)
-        MATCHERS.each_with_index do |matcher, idx|
-          value = value.gsub(/[_,]/, "") if idx == 0
-          return true, Integer(value) if matcher.match(value)
-        end
-        try_edge_cases?(value)
-      end
-
-      def try_edge_cases?(value)
-        return true, Parse::Hexadecimal.value(value) if Parse::Hexadecimal::MATCHER.match(value)
-        return true, Parse::Sexagesimal.value(value) if Parse::Sexagesimal::INTEGER_MATCHER.match(value)
-        return false
-      end
-    end
-  end
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_nil.rb

@@ -1,18 +0,0 @@
-module SafeYAML
-  class Transform
-    class ToNil
-      include TransformationMap
-
-      set_predefined_values({
-        ""      => nil,
-        "~"     => nil,
-        "null"  => nil
-      })
-
-      def transform?(value)
-        return false if value.length > 4
-        return PREDEFINED_VALUES.include?(value), PREDEFINED_VALUES[value]
-      end
-    end
-  end
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/to_symbol.rb

@@ -1,17 +0,0 @@
-module SafeYAML
-  class Transform
-    class ToSymbol
-      def transform?(value, options=SafeYAML::OPTIONS)
-        if options[:deserialize_symbols] && value =~ /\A:./
-          if value =~ /\A:(["'])(.*)\1\Z/
-            return true, $2.sub(/^:/, "").to_sym
-          else
-            return true, value.sub(/^:/, "").to_sym
-          end
-        end
-
-        return false
-      end
-    end
-  end
-end

data/bundle/ruby/2.7.0/gems/safe_yaml-1.0.5/lib/safe_yaml/transform/transformation_map.rb

@@ -1,47 +0,0 @@
-module SafeYAML
-  class Transform
-    module TransformationMap
-      def self.included(base)
-        base.extend(ClassMethods)
-      end
-
-      class CaseAgnosticMap < Hash
-        def initialize(*args)
-          super
-        end
-
-        def include?(key)
-          super(key.downcase)
-        end
-
-        def [](key)
-          super(key.downcase)
-        end
-
-        # OK, I actually don't think it's all that important that this map be
-        # frozen.
-        def freeze
-          self
-        end
-      end
-
-      module ClassMethods
-        def set_predefined_values(predefined_values)
-          if SafeYAML::YAML_ENGINE == "syck"
-            expanded_map = predefined_values.inject({}) do |hash, (key, value)|
-              hash[key] = value
-              hash[key.capitalize] = value
-              hash[key.upcase] = value
-              hash
-            end
-          else
-            expanded_map = CaseAgnosticMap.new
-            expanded_map.merge!(predefined_values)
-          end
-
-          self.const_set(:PREDEFINED_VALUES, expanded_map.freeze)
-        end
-      end
-    end
-  end
-end